Trailrunner7 writes: Google is continuing to introduce new security technologies in its Chrome browser, and the latest addition on the horizon is support for unprefixed Content Security Policy, a behind-the-scenes improvement designed to prevent malicious script injections. The technology is included in the beta of Chrome 25, which was released earlier this week, and will soon find its way into the stable channel.

One of the many attack vectors that have made life easier for the bad guys in the last few years is cross-site scripting. This attack relies on specific vulnerabilities in Web applications that allow attackers to get their own malicious scripts onto a legitimate Web page. Browsers will then run those scripts as if they were part of the trusted Web page, enabling the attacker to plant malicious code on a victim's machine or steal sensitive data.

Content Security Policy is one mechanism for preventing these kinds of attacks by allowing users to define which content sources they trust. Chrome then will run scripts only from those trusted sources, creating a whitelist of known good content sources and ignoring content from all other sources.

It's possible to have a democracy in which every decision is made by majority rule, but the majority is dissatisfied with the majority of the decisions. You just have to have a small percentage that wins all the time.

"I will probably never be able to describe just how horrible it has been to be me for the last three or four years, and I certainly will not insult you now by attempting to do so; suffice it to say that anything must be better than this dubious existence. [...] I will be shutting persephone down for an indeterminite period while I try to work out whether I have a future."